The Hacker News — Cyber Security, Hacking, Technology News

Hackers have obtained credentials for more than 68 million accounts on the online cloud storage platform Dropbox from a known 2012 data breach.

Dropbox has confirmed the breach and has already notified its customers of a potential forced password reset, though the initial announcement failed to specify the exact number of affected users.

However, in a selection of files obtained through sources in the database trading community and breach notification service Leakbase, Motherboard found around 5GB of files containing details on 68,680,741 accounts, including email addresses and hashed (and salted) passwords for Dropbox users.

An unnamed Dropbox employee verified the legitimacy of the data.

Out of the 68 million, almost 32 million passwords are secured using the strong hashing function "BCrypt," making it difficult for hackers to obtain users' actual passwords, while the rest of the passwords are hashed with the SHA-1 hashing algorithm.

These password hashes are also believed to have used a salt, a random string added to the hashing process to further strengthen passwords and make it more difficult for hackers to crack them.
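The two kinds of stored hash described above, and one way a service can move fast salted SHA-1 records to a slow hash at the next successful login, shown as an added example that is not Dropbox's code or part of the original article. PBKDF2 from Python's standard library stands in for bcrypt here; the record format, function names and work factor are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your login latency budget

def legacy_sha1_record(password: str, salt: bytes) -> str:
    """One salted SHA-1 pass: unique per user, but very cheap to compute."""
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return f"sha1${salt.hex()}${digest}"

def slow_record(password: str, salt: bytes, rounds: int = PBKDF2_ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256 (stand-in for bcrypt): each guess costs `rounds` passes."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2${rounds}${salt.hex()}${digest.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute the hash with the scheme and salt stored in the record."""
    try:
        scheme, *fields = record.split("$")
        if scheme == "sha1":
            salt_hex, _ = fields
            actual = legacy_sha1_record(password, bytes.fromhex(salt_hex))
        elif scheme == "pbkdf2":
            rounds, salt_hex, _ = fields
            actual = slow_record(password, bytes.fromhex(salt_hex), int(rounds))
        else:
            return False
    except ValueError:  # malformed record: wrong field count, bad hex, bad rounds
        return False
    return hmac.compare_digest(actual.encode(), record.encode())

def login(store: dict, user: str, password: str) -> bool:
    """Check a login; on success, replace a legacy record with a slow one."""
    record = store.get(user)
    if record is None or not verify(password, record):
        return False
    if not record.startswith("pbkdf2$"):
        # The plaintext is only available at login, so upgrade now with a fresh salt.
        store[user] = slow_record(password, os.urandom(16))
    return True

if __name__ == "__main__":
    # Constructed sample account, not real data.
    store = {"alice": legacy_sha1_record("correct horse", os.urandom(16))}
    print(login(store, "alice", "correct horse"), store["alice"][:14])
```

Accounts that never log in again keep their fast hash, which is why a forced reset for old accounts is the usual companion to this kind of upgrade.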

"We've confirmed that the proactive password reset we completed last week covered all potentially impacted users," said Patrick Heim, Head of Trust and Security for Dropbox.

"We initiated this reset as a precautionary measure so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password."

Dropbox initially disclosed the data breach in 2012, notifying users that one of its employee passwords was acquired and used to access a file with users’ email addresses, but the company didn't disclose that the hackers were able to pilfer passwords too.

But earlier this week, Dropbox sent out emails alerting its users that a large chunk of its users’ credentials was obtained in the 2012 data breach and may soon be seen on the Dark Web marketplace, prompting them to change their password if they hadn't changed it since mid-2012.

"Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012," the company wrote. "Our analysis suggests that the credentials relate to an incident we disclosed around that time."

Dropbox is the latest to join the list of "Mega-Breaches" that were revealed this summer, when hundreds of millions of online credentials from years-old data breaches on popular social network sites, including LinkedIn, MySpace, VK.com and Tumblr, were sold on the Dark Web.

The takeaway:

Change your passwords for Dropbox as well as other online accounts immediately, especially if you use the same password for multiple websites.

Also use a good password manager to create complex passwords for different sites as well as remember them. We have listed some of the best password managers that could help you understand the importance of a password manager and choose one according to your requirements.

Remember RapidShare? It was once one of the world's most popular, and the first ever, one-click online file hosting and cloud storage websites on the Internet. The company has announced that it will shut down its business at the end of next month.

The RapidShare file hosting service announced its shutdown on Tuesday through a notice on its official website, saying that it will stop active service on March 31, 2015. All user accounts on the website will no longer be available after this date, and all files will be deleted automatically.

WHAT RAPIDSHARE USERS MUST DO?

"We strongly recommend all customers to secure their data. After March 31st, 2015 all accounts will no longer be accessible and will be deleted automatically," the notice on RapidShare's official website reads.

Just two days ago, the most popular torrent website, KickAss Torrents, was banned by the .so registry (Somalian registry), forcing the site's operators to switch to another domain. Now, suddenly, the oldest and popular file hosting service is closing up shop.

RapidShare, founded in May 2002, was widely used to share copyrighted content directly. In 2009, the site claimed to have 10 petabytes of files uploaded to its servers, and in 2010, it was said to have hundreds of millions of visitors per month, making it among the world’s 50 most popular websites.

REASON BEHIND THE SHUT DOWN

The reason behind the sudden shutdown decision is still unclear; however, legal troubles related to copyright infringement have plagued the company for years.

RapidShare has often faced lawsuits, just like other notorious file hosting services including The Pirate Bay, Megaupload and Isohunt, which have all been hit with legal issues for facilitating copyright infringement.

RapidShare worked to cooperate with the entertainment industry and even tried to rebrand itself as a personal cloud storage service in recent years by introducing a number of measures to discourage infringement, but in the end its user base fell dramatically. It’s likely the site simply isn't as profitable as it once was.

The reason behind the closure could also be the increasing competition from other cloud storage services. RapidShare's cloud file hosting servers provide unlimited upload and download sizes, but the service does make you wait to download files if you are not a premium user.

Comparatively, RapidShare charges roughly $680 per year for 300GB of space, while Dropbox charges just $99 a year for 1TB.

ONLINE FILE STORAGE SERVICES Vs. COPYRIGHT INFRINGEMENT

MegaUpload, one of the largest file sharing websites on the Internet, was shut down in 2012 by federal prosecutors in Virginia, and the site's founder Kim Dotcom and three others were arrested by the police in New Zealand at the request of US authorities for conspiring to commit copyright infringement.

The same happened in the case of The Pirate Bay, a widely popular torrent download website predominantly used to share copyrighted material free of charge, when TPB went dark from the Internet following a raid in Sweden.

The raid was in response to a complaint from Swedish anti-piracy group Rights Alliance. The police raided The Pirate Bay's server room in Stockholm and seized several servers and other equipment. However, the infamous torrent download website The Pirate Bay (TPB) made a defiant return and finally came back online last weekend.